CVE-2022-29868
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
1Password para Mac versiones 7.2.4 hasta 7.9.x anteriores a 7.9.3, es vulnerable a una omisión de comprobación de procesos. El software malicioso que es ejecutado en el mismo equipo puede exfiltrar secretos de 1Password siempre que éste esté ejecutándose y esté desbloqueado. Los secretos afectados incluyen elementos de la bóveda y valores derivados usados para iniciar sesión en 1Password
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-27 CVE Reserved
- 2022-05-09 CVE Published
- 2023-11-30 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.1password.com/kb/202204 | 2022-05-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| 1password Search vendor "1password" | 1password Search vendor "1password" for product "1password" | >= 7.2.4 < 7.9.3 Search vendor "1password" for product "1password" and version " >= 7.2.4 < 7.9.3" | macos |
Affected
| ||||||